Apparently, for the past couple of days, Facebook’s Android app (com.facebook.katana) has been asking for superuser access to users’ devices. However, if a user tries to deny this request, it still continues asking until the user grants permission. This has led to panic among users who took to various internet forums looking for an explanation for the suspicious pop-ups. “Today I was browsing Facebook when suddenly I got a superuser request popup,” one user wrote on XDA developer forums. “Could anyone explain why Facebook needs SU permissions?” Another user commented, “Same happened to me too. Started yesterday afternoon. Facebook last updated 1 day ago, so it must have to do something with new version.” Also, users from France, Australia, and the UK confirmed in the same thread that they too received the same pop-up from Facebook to grant root access.
— Jasper Roos (@JasperRoos) May 17, 2018 Several Android security researchers who spoke with Bleeping Computer believe that the pop-ups are appearing because of a coding error. Avast mobile security researcher Nikolaos Chrysaidos who took a look at the Facebook’s app source code told Bleeping Computer that it could most probably be a coding error. WhiteOps SDK, used for detecting ad fraud, is said to be the reason behind this Superuser permission. He said, “The dialog started popping up on users that are in the beta channel. Along with other various checks. Facebook is probably integrating WhiteOps SDK, and they forgot to re-implement the ROOT checking functionality.” When Facebook was contacted for a clarification on the situation, a spokesperson confirmed the pop-up dialog was caused by a ‘coding error’. According to the company’s official statement, the pop-up was only been seen by people who used rooted devices, and that too, only under certain circumstances. However, the company has fixed the problem with a new update. “A coding error in one of our anti-fraud systems caused a small number of people running the Facebook app and certain permission management apps on rooted Android phones to see a request for additional access permissions. We do not need or want these permissions, and we have already fixed this issue. We apologize for any confusion.” Since the issue has been fixed, all those users who were perturbed by the pop-ups can now breathe sigh of relief. With Facebook already facing criticism over its data and privacy policies due to Cambridge Analytica scandal, the “Superuser” permission issue has not only come at the wrong time for the social media giant but it has also added more fuel to the fire.